Data, privacy & cybersecurity

Data, Privacy & Cybersecurity

Opportunities and challenges from Vietnam's list of important and core data

On July 1, 2025, the Prime Minister issued Decision 20/2025/QD-TTg, officially announcing the list of important data and core data of Vietnam. This is an important step in the context that Vietnam is promoting digital transformation, building e-Government and protecting cyber security according to the Data Law 2024. The list clearly distinguishes which types of data are considered critical and which are considered core data with different protection requirements. With 26 types of core data and 43 types of important data, this Decision reflects the State's priority in protecting national interests, security and socio-economic development.

Vietnam's cross-border data transfer legal framework: Perspectives from the Data Law 2024 and the Personal Data Protection Law 2025

In the era of digital transformation and international integration, cross-border data transfer, including personal data, is becoming increasingly essential, playing an important role in the economy, trade and management. Vietnam has developed two important legal documents to regulate this activity: the Data Law 2024 passed by the National Assembly on November 30, 2024, effective from July 1, 2025) and the Law on Personal Data Protection 2025 adopted on June 26, 2025, which will take effect from January 1, 2026. While both laws are intended to govern and protect data, their scope and focus differ. If the Data Law 2024 regulates all digital data, treating data as a national asset, while the Personal Data Protection Law 2025 focuses on protecting personal privacy.

Some positive impacts of the Draft Law on Cybersecurity 2025 on businesses

In the context that Vietnam is promoting national digital transformation and deep integration into the global economy, cyberspace has become an important driving force for economic and social development, but at the same time, it also poses many challenges in cybersecurity. The Draft Law on Cyber Security 2025, developed to consolidate the Law on Cyber Information Security 2015 and the Law on Cyber Security 2018 (the "Draft"), not only aims to protect national sovereignty in cyberspace but also create significant changes in the business environment, especially for businesses operating in the fields of information technology, network services, and cybersecurity. This article will analyze the impacts of the draft law on business operations, from simplifying administrative procedures, improving the business environment, to new challenges that businesses need to face.

What businesses need to do after level 2 electronic identification

According to the provisions of Decree 69/2024/ND-CP, accounts issued by the National Public Service Portal and the information system for handling administrative procedures at ministerial and provincial levels to agencies and organizations can only be used until the end of June 30, 2025. Although businesses can still continue to carry out administrative procedures with these accounts, switching to using VNeID level 2 electronic identification accounts is necessary, not only to meet the regulations on deadlines, but also to gradually change the mindset of approaching public services in the direction of digitalization. synchronize and authenticate user identities.

Data protection in a changing world

On 7 July 2025, at the Personal Data Protection Week 2025 held in Singapore, the Minister of Digital Development and Information, Ms. Josephine Teo, delivered an inspiring opening speech, emphasizing the importance of data protection, especially personal data in the context of a rapidly changing world. With the theme "Data Protection in a Changing World" , her speech addressed the challenges and opportunities that the development of technology, especially artificial intelligence (AI), brings in the field of data governance. This article will delve into the key takeaways from her speech and examine how Singapore is shaping a secure and reliable digital future.

Domain name dispute – What should businesses do?

In the context of e-commerce and digital transformation playing an increasingly important role in business activities, domain names are no longer just an access address on the Internet, but have become valuable commercial assets, associated with the brand, reputation and presence of businesses in the digital environment. However, along with this increasing role is the risk of arising legal disputes related to domain names – a type of dispute that is developing more and more complex and diverse in practice.

What do businesses need to prepare for the new requirements on personal data protection in Vietnam?

On June 26, 2025, the National Assembly of Vietnam passed the Law on Personal Data Protection 2025 (PDPL 2025), which will take effect from January 1, 2026, marking an important step forward in perfecting the legal framework for personal data protection in Vietnam. Along with Decree 13/2023/ND-CP (PDPD 2023), which came into effect on July 1, 2023, these regulations set new and stricter requirements for businesses to process personal data. In the context of strong digital transformation, personal data has become a valuable asset but also a target of abuse, from information leakage to unauthorized trading. So what do businesses need to do to comply with new legal requirements, mitigate risks and maintain a competitive advantage? This article will analyze the necessary preparation steps, from reviewing internal processes to implementing technical, legal, and administrative measures.

Vietnam adopts The Law on Personal Data Protection: A new step in privacy protection

On June 26, 2025, at the 9th session, the 15th National Assembly of Vietnam officially approved the Law on Personal Data Protection (the PDPL), marking an important milestone in building a legal framework for personal data protection in the context of strong digital transformation. The PDPL with 39 articles, effective from January 1, 2026, is divided into 5 chapters, not only meeting the internal needs for the protection of citizens' rights but also in line with international trends in personal data management.

Draft Law on Personal data protection: Legal Gaps in the protection of employee data

In the context of global digital transformation, personal data has become an important resource, especially in the labor sector, where personal information of employees and candidates is regularly collected, processed, and stored. In Vietnam, the Draft Law on Personal Data Protection (Draft), especially Article 21 , is designed to establish a legal framework for personal data protection in the recruitment and management of workers. This regulation reflects Vietnam's efforts to integrate with international standards, such as the European Union's General Data Protection Regulation (GDPR), and meet the requirements for privacy protection in the context of Vietnam.

European Data Protection Authority's ruling and lessons learned for Vietnam

In the context of global digital transformation, cloud services such as Microsoft 365 have become indispensable tools for public organizations as well as private organizations. However, the use of these platforms poses a major challenge in terms of personal data protection, especially when data is transferred outside the domestic jurisdiction. The case of the European Commission (EC) being investigated and sanctioned by the European Data Protection Authority (EDPS) for using Microsoft 365 is a wake-up call for the protection of personal data in the public sector of many countries. The EDPS decision not only sheds light on the gaps in data management of one of the most powerful bodies in the European Union (EU), but also provides important lessons for countries like Vietnam, where the legal framework for protecting personal data is being built.

Are countries around the world banned the sale and purchase of personal data?

The answer is not simple and depends on the legislative philosophy, the level of technological development, and the cultural perspective on privacy in each country. Some countries, especially in Europe, consider personal data as a fundamental human right and apply strict regulations. Meanwhile, in other regions, such as the United States, the approach is somewhat more flexible, creating a legal gray area where personal data is still widely traded. In this article, we will analyze the legal frameworks in key regions of the world – Europe, North America, Asia, Oceania, and South America – to clarify how countries handle the purchase and sale of personal data, while assessing global trends and making recommendations for Vietnam.

Contents to be carefully considered before passing the Draft Law on Personal Data Protection

In the context of strong digital transformation, protecting personal data has become a top priority in many countries, including Vietnam. Decree 13/2023/ND-CP on Personal Data Protection has laid the foundation for the legal framework for data protection, and the Draft Law on Personal Data Protection (the "Draft"), which was submitted to the National Assembly at its 9th session (May 2025) and is expected to be adopted at this session, is expected to complete one of Vietnam's most important laws in personal data protection. With 68 provisions ranging from general regulations to the responsibilities of stakeholders, the Draft represents an effort to build a comprehensive legal framework. However, some contents in the draft are still unclear, difficult to implement, or not in line with the economic, social and legal practices of Vietnam.

Data, Privacy & Cybersecurity

Office